Refreshing Tokens with Claims Principal #336
Assignees
Labels
Comments
|
The assumption is that the client application is going to extract the claims identity and tokens from the login result, and store them in some way that is appropriate for the platform. And similarly, when you refresh a token, you'd take the new access token out of the RefreshResult and replace the old access token with the new one. At that point, there's no reason that you couldn't keep using the claims principal from before the refresh. In other words, don't try to store everything in an instance of one of the result types, because that's not what they're intended for. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There is an earlier issues raised about the Claims Principal not being present in a RefreshTokenResult, it doesn't appear to have been addressed.
I am using the LoginResult with the Claims Prinicipals to authenticate who is using my system. When the Token expires I want to be able to refresh that Token and then continue using the Claims to validate the permissions of the User.
The RefreshTokenAsync code does not create the Claims Principal and it is not possible to create a LoginResult as the Setters are internal.
What is the correct way to Refresh a token and continue to use the Claims from the original LoginResult?
The text was updated successfully, but these errors were encountered: